Combined DES salt and Keytab cleanup patch

Andrew Bartlett abartlet at samba.org
Wed Jul 12 11:33:30 GMT 2006


On Wed, 2006-07-12 at 05:53 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Dave Daugherty wrote:
> > Gerald (Jerry) Carter Sent: Tuesday, July 11, 2006 7:04 PM
> > Andrew Bartlett wrote:
> >>> The problem is that when a different application 
> >>> uses our keytab, they need to find entries by any
> >>> name that the client may use.  This includes various
> >>> case combinations.
> >>>
> >>> Really, the keytab reading code should be case 
> >>> insensitive, but that changes the kerberos libs...
> > 
> >> Yup.  I've read all of the threads on this and I want
> >> a concrete examples that fail.  This is one I have to
> >> see to believe after having following so much of the
> >> krb5 code that added for this or some other reason
> >> and is currently not even executed.  Show me and I'll
> >> add things back in one at a time.
> ...
> > As I think I mentioned before (and you probably remember 
> > since you are a smart guy) our test case is the MIT
> > kerberized telnet client that only does DES.  When I
> > was banging around in this rabbit hole, and I did not
> > populate DES keys in keytab - kerberized MIT telnet 
> > did not work.  This is not the same as "case
> > sensitivity" but it's a real application for you to
> > test with.
> 
> Yup.  I remember. And it was the first one I tested with.
> Works fine for me.  Right now I'm working with mod_auth_kerb
> for more tests. I also have OpenSSH working and will
> toy with OpenLDAP later today.

One thing to test with is different case names in the client,
particularly on windows.  Ie http://mySerVer.internal.com

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060712/5f37af4f/attachment.bin


More information about the samba-technical mailing list